At the end of 2020, a municipality in The Netherlands was hit by a cyber attack. In retrospect, the impact on residents, employees and suppliers was greater than many could have imagined.
Such a cyber incident has made many municipalities think even more about their own information security. After all, being and remaining digitally resilient is something like trial and error and becoming smarter through trial-and-error. As a result of maximum awareness and focus, a number of decisions have been made. Including the use of independent network monitoring: the Cyberalarm Pro from SecureMe2.
Various Incident Response companies have been involved in the initial reaction and analysis afterwards. A recurring conclusion was that, in addition to preventive measures, much more attention should be paid to monitoring and checking the effectiveness of the measures taken. From ‘in-control’ to ‘proven-in-control’. And in addition to the technical measures, it appears that humans are continuously a source of incidents. Municipalities must therefore do even better to prevent that unconscious mistakes can be made that have a major impact on primary processes.
Last but not least, this incident provides insight into the direct or indirect damage. That turns out to be significant. And then we haven’t even mentioned the nuisance experienced by the residents. Together with a number of municipalities, we further calculated the possible damage that a municipality could suffer in the context of the P&C cycle. An exercise that we can recommend to everyone. It provides a lot of insights and bridges the gap between risks and the (technical) measures to be taken. In addition, a keen internal discussion emphasizes the importance of the roles that must be played to implement and maintain demonstrably effective measures.
Cyber Security is a subject where cooperation in the chain is essential. However, the most important thing remains to take your own responsibility as an individual municipality. Only then can we arm ourselves against such attacks.
In summary: Protecting a municipal organization as much as possible against cybercrime is just as much a primary task as building and keeping a public road safe!
SecureMe2 now helps dozens of municipalities to demonstrably test and increase their cyber resilience.